Reject all expressions with __ in them.

author Joe Wreschnig <joe.wreschnig@gmail.com>

Sun, 10 Jun 2012 08:42:21 +0000 (10:42 +0200)

committer Joe Wreschnig <joe.wreschnig@gmail.com>

Sun, 10 Jun 2012 08:42:21 +0000 (10:42 +0200)
author Joe Wreschnig <joe.wreschnig@gmail.com>
Sun, 10 Jun 2012 08:42:21 +0000 (10:42 +0200)
committer Joe Wreschnig <joe.wreschnig@gmail.com>
Sun, 10 Jun 2012 08:42:21 +0000 (10:42 +0200)
diff --git a/bulletml/expr.py b/bulletml/expr.py

index 385b31b5ab1d8fc1122d1f903f076a938876ba69..c7d40983dd620d5fa961f7fb70b5b1e7111f456c 100644 (file)
--- a/bulletml/expr.py
+++ b/bulletml/expr.py
@@ -38,6 +38,12 @@ class NumberDef(object):
              expr = expr.string
          except AttributeError:
              pass
+        try:
+            if "__" in expr:
+                # nedbatchelder.com/blog/201206/eval_really_is_dangerous.html
+                raise ExprError(expr)
+        except TypeError:
+            pass
          self.string = expr = str(expr)
          repl = lambda match: "params[%d]" % (int(match.group()[1:]) - 1)
          expr = re.sub(r"\$\d+", repl, expr.lower())
author	Joe Wreschnig <joe.wreschnig@gmail.com>
	Sun, 10 Jun 2012 08:42:21 +0000 (10:42 +0200)
committer	Joe Wreschnig <joe.wreschnig@gmail.com>
	Sun, 10 Jun 2012 08:42:21 +0000 (10:42 +0200)